Your submission was sent successfully! Close

USN-949-1: OpenOffice.org vulnerability

8 June 2010

OpenOffice.org could be made to run programs as your login if it opened a specially crafted document and examined the included macros.

Releases

Packages

Details

Marc Schoenefeld discovered that OpenOffice.org would run document macros
from the macro browser, even when macros were disabled. If a user were
tricked into opening a specially crafted document and examining a macro,
a remote attacker could execute arbitrary code with user privileges.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 9.10
Ubuntu 9.04
Ubuntu 8.04
Ubuntu 10.04

After a standard system update you need to restart OpenOffice.org to make
all the necessary changes.

References